Extracted

• • Target

    f31ff6f68ebe392291dbb6214ea9ff92_JaffaCakes118

  • Size

    10.5MB

  • MD5

    f31ff6f68ebe392291dbb6214ea9ff92

  • SHA1

    8502e236e8ae0ff89bff5c17e3697f1e3be2861f

  • SHA256

    1c080453192d6860817dfd3f7d55054a384f0c5b51661212f38adcb0c6f612bf

  • SHA512

    680b1e606ace8a65b4fc5480f16ad50c2636981f08faa25df5237e61c2de2ae130969ab363fc201e4bf3be8cd7d5457be31a0d5cdcfbd125ecf4812f6eb9ed91

  • SSDEEP

    49152:S1yvllllllllllllllllllllllllllllllllllllllllllllllllllllllllllln:SA

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2